Documenting the NSX-v DFW with PowerNSX
Documenting firewall configuration is challenging at the best of times, in most enterprise networks there are tens of thousands of lines of ACLs that have been added organically over time to any number of firewalls. Documentation of said policy is normally the actual configuration that you see on the console in front of you, which is great but depending on the vendor it may be difficult to extract that data into a more usable format.
In any case, with the Distributed Firewall in NSX-v you have the same challenge, configuration exists in NSX Manager, viewed via the vSphere Web Client, but an export of the policy is to XML format only. Now this presents a challenge, as I would optimally like to have to the policy in a format which I can use in tools such as MS Excel.
I could always document the policy manually, but that would be monotonous and I’d rather be playing Basketball on my weekends 😉 So when I started looking into a mechanism to create the documentation, I originally thought about using Python to make a REST call to the NSX-v API, grab the data and then spit it out into an Excel workbook using an existing Excel/Python module. However, at around the same time, Nick Bradford had just released PowerNSX, which is a Powershell module for working with NSX-v, so I figured why not give that a go and get some Powershell chops at the same time.
If you head over to my GitHub repository, you can find the script along with some instructions on how to run it, but for the curious, here’s a link to the sample Excel Workbook that gets created (keep in mind your workbook would most likely be much more verbose).
Where to find more information on PowerNSX
Screen Grab of Sample Excel Workbook
Please download latest sample Excel Workbook for an up to date preview.